porsche/hr-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
360533393f6c449a50cbf9ce59712d5867cfce42
hr-portal/check_keycloak_clients.md
Porsche Chen 360533393f feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage 
Major Features:
-  Multi-tenant architecture (tenant isolation)
-  Employee CRUD with lifecycle management (onboarding/offboarding)
-  Department tree structure with email domain management
-  Company info management (single-record editing)
-  System functions CRUD (permission management)
-  Email account management (multi-account per employee)
-  Keycloak SSO integration (auth.lab.taipei)
-  Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00

58 lines
1.7 KiB
Markdown
Raw Blame History

# HR Portal Keycloak 整合檢查
## Keycloak 資訊
- **URL**: https://auth.ease.taipei
- **Realm**: porscheworld
- **管理員**: admin
## 需要的 Clients
### 1. hr-portal-web (前端)
- **Client ID**: hr-portal-web
- **Client Type**: Public (SPA)
- **Valid Redirect URIs**:
- http://localhost:10180/* (開發環境)
- http://10.1.0.245:10180/* (開發環境 - IP)
- https://hr.ease.taipei/* (測試/正式環境)
- **Web Origins**: 同上
- **Client Secret**: HdQMzecymLixWDJ1dgdH0Ql5rEVU1S5S (已在 frontend/.env.local)
### 2. hr-backend (後端)
- **Client ID**: hr-backend
- **Client Type**: Confidential
- **Service Account Enabled**: Yes
- **Valid Redirect URIs**:
- http://localhost:10181/* (開發環境)
- https://hr-api.ease.taipei/* (測試/正式環境)
- **Client Secret**: ddyW9zuy7sHDMF8HRh60gEoiGBh698Ew6XHKenwp2c0 (已在 backend/.env)
## 檢查步驟
1. 登入 Keycloak Admin Console: https://auth.ease.taipei/admin
2. 選擇 Realm: porscheworld
3. 進入 Clients 頁面
4. 檢查是否存在:
- [ ] hr-portal-web
- [ ] hr-backend
## 如果 Clients 不存在
需要創建這兩個 Clients,參考 Gitea 的整合方式:
- Gitea Client ID: gitea
- 可以參考 Gitea 的配置來設定 HR Portal
## 測試用戶
建議在 Keycloak 中創建測試用戶:
- Username: hr-test
- Email: hr-test@lab.taipei
- Password: (設定測試密碼)
- 用於開發和測試 HR Portal 功能
## 當前環境說明
- **開發環境**: 10.1.0.245 (Windows) - 前端 10180 / 後端 10181
- **測試環境**: 透過 Traefik 反向代理 - https://hr.ease.taipei
- **SSO**: 共用 10.1.0.254 的 Keycloak (auth.ease.taipei)
- **資料庫**: 10.1.0.20:5433 (PostgreSQL 16, admin 用戶)
Reference in New Issue View Git Blame Copy Permalink